Summary
This host is installed with Mozilla firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- The improper implementation of drag-and-drop feature, fails to display the URL properly in addressbar.
- An error when handling 'feed:' URLs can be exploited to bypass the output filters and execute arbitrary JavaScript code.
- The context-menu restrictions for data: URLs are not the same as for javascript: URLs, which allows to conduct XSS attacks.
Affected
Mozilla Firefox version 4.x through 13.0
Mozilla Firefox ESR version 10.x before 10.0.6 on Windows
References
- http://secunia.com/advisories/49965
- http://securitytracker.com/id/1027256
- http://securitytracker.com/id/1027257
- http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1950, CVE-2012-1965, CVE-2012-1966 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Aardvark Topsites Multiple Vulnerabilities
- Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
- Avant Browser Address Bar Spoofing Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)